CVE-2026-7251
BaseFortify
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eppendorf | bioflo_320 | 5.0 |
| eppendorf | bioflo_120 | 04.00 |
| eppendorf | bioflo_320 | 05.00 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7251 is a critical security vulnerability in the Eppendorf BioFlo 320 bioprocess controller involving its Virtual Network Computing (VNC) remote access feature.
The vulnerability arises because the VNC server uses a hard-coded password, allowing a remote attacker who knows the network address of any BioFlo 320 device with remote access enabled to gain full control of the user interface without authentication.
Additionally, VNC traffic is not encrypted, which increases the risk of interception or unauthorized access.
Eppendorf has addressed this issue by releasing software updates that remove VNC access entirely from the BioFlo 320, and VNC was disabled by default in shipped systems.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a remote attacker to gain full control over the BioFlo 320's user interface and all control panel features.
This means the attacker could manipulate device settings, disrupt bioprocess operations, or cause operational failures.
Because VNC traffic is unencrypted, attackers could also intercept sensitive information or credentials.
The vulnerability has a high severity score (CVSS v3.1 base score of 9.8), indicating a critical impact with no required privileges or user interaction for exploitation.
Mitigation involves applying the software update that removes VNC access, verifying VNC is disabled, restricting VNC settings to authorized roles, and minimizing network exposure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the VNC server on the Eppendorf BioFlo 320 using a hard-coded password and unencrypted traffic. Detection can focus on identifying active VNC services on the network address of BioFlo 320 devices.
You can scan your network for open VNC ports (default port 5900) on devices suspected to be BioFlo 320 models. For example, using nmap:
- nmap -p 5900 <target-ip>
If the port is open, attempt to connect with a VNC client to check if the hard-coded password grants access. Additionally, verify if VNC access is enabled on the device by checking device settings or configuration interfaces.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include verifying that VNC access is disabled on the BioFlo 320 device, as it is disabled by default in shipped systems.
Restrict VNC settings to Admin and Supervisor roles if VNC must be used temporarily.
Apply the software update version 05.00 for the BioFlo 320, which permanently removes VNC access and addresses the vulnerability.
Additionally, minimize network exposure of the control system by isolating it behind firewalls and using secure remote access methods such as VPNs.