# Critical Vulnerability Disclosed in Eppendorf BioFlo 320 Bioreactors: Hardcoded Password Allows Full System Access
A critical vulnerability has been discovered in **Eppendorf BioFlo 320** bioreactors, potentially allowing attackers to gain full control of affected systems. The vulnerability, tracked as **CVE-2026-7251**, stems from the use of a hardcoded password for the VNC server, posing a significant risk to healthcare and public health sectors.
## Critical Vulnerability in Eppendorf BioFlo 320 Bioreactors
The flaw, **CVE-2026-7251**, potentially compromises critical infrastructure. Because the VNC server on **Eppendorf BioFlo 320** bioreactors uses a hardcoded password, exploitation could grant attackers full access to the bioreactor's functionality and data.
[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-146-01.json)
### Vulnerability Details
The affected product, **Eppendorf BioFlo 320** Bioreactor (all versions), is vulnerable due to the VNC server utilizing a hard-coded password. A remote attacker who knows the network address of a BioFlo 320 model with remote access enabled can gain complete control of the user interface by exploiting this vulnerability. Once connected, the attacker would have unrestricted access to all control panel features of the BioFlo 320. Notably, VNC traffic is not encrypted, exacerbating the risk.
**Affected Products:**
* **Vendor:** Eppendorf
* **Product Version:** Eppendorf BioFlo 320 Bioreactor, all versions (`vers:all/*`)
* **Product Status:** known_affected
**Relevant CWE:** [CWE-259 Use of Hard-coded Password](https://cwe.mitre.org/data/definitions/259.html)
### Impact
Successful exploitation of this vulnerability could allow an attacker to:
* Gain full control of the BioFlo 320 bioreactor.
* Access and manipulate sensitive data.
* Disrupt critical processes within healthcare and public health sectors.
### Recommended Mitigations
The **Cybersecurity and Infrastructure Security Agency (CISA)** recommends the following measures to mitigate the risk of exploitation:
* Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet.
* Locate control system networks and remote devices behind firewalls, isolating them from business networks.
* When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Ensure VPNs are updated to the most current version available. Recognize that VPN security is dependent on the security of the connected devices.
**CISA** also advises organizations to perform proper impact analysis and risk assessment before deploying defensive measures and encourages the implementation of recommended cybersecurity strategies for proactive defense of ICS assets.
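To check whether the network-exposure mitigations above actually hold, the following added example (not part of the CISA advisory or any Eppendorf tooling) reviews firewall flow records for VNC connections to bioreactors that originate outside the approved zones. The addresses, zone layout, log format and the use of the default VNC port range 5900-5909 are all assumptions made for illustration.

```python
import ipaddress

# All addresses below are constructed for illustration; substitute your own inventory.
BIOREACTORS = {ipaddress.ip_address(a) for a in ("10.20.5.11", "10.20.5.12")}
ZONES = [  # first match wins
    ("vpn", ipaddress.ip_network("10.99.0.0/24")),      # approved remote-access path
    ("control", ipaddress.ip_network("10.20.5.0/24")),  # control system segment
    ("business", ipaddress.ip_network("10.1.0.0/16")),  # corporate LAN
]
APPROVED_ZONES = {"vpn", "control"}
VNC_PORTS = range(5900, 5910)  # assumption: default VNC ports, displays :0 to :9

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2026-05-26T08:01:12Z 10.20.5.40 10.20.5.11 5900 ALLOW
2026-05-26T08:03:55Z 10.99.0.7 10.20.5.11 5900 ALLOW
2026-05-26T08:10:02Z 10.1.44.23 10.20.5.12 5900 ALLOW
2026-05-26T08:15:30Z 203.0.113.50 10.20.5.11 5900 ALLOW
2026-05-26T08:16:00Z 203.0.113.50 10.20.5.11 5900 DENY
2026-05-26T08:20:41Z 10.1.44.23 10.20.5.12 443 ALLOW
malformed line
"""

def zone_of(src):
    """Return the name of the first zone containing src, else 'external'."""
    for name, net in ZONES:
        if src in net:
            return name
    return "external"

def find_exposures(log_text):
    """Return (ts, src, dst, zone, action) for VNC flows to a bioreactor from unapproved zones."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dst_ip in BIOREACTORS and dport in VNC_PORTS:
            zone = zone_of(src_ip)
            if zone not in APPROVED_ZONES:
                findings.append((ts, src, dst, zone, action))
    return findings
```

An `ALLOW` finding means the firewall let an unapproved source reach the VNC service; a `DENY` finding shows the rule held but that something is probing the device.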
### Reporting and Additional Resources
Organizations observing suspected malicious activity should follow established internal procedures and report findings to **CISA** for tracking and correlation against other incidents.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
### Acknowledgments
**BIO-ISAC** reported this vulnerability to **CISA**.