CVE-2026-7251CRITICAL 9.8EPSS p34.8%

CVE-2026-7251CVE-2026-7251

Description

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.44% probability of exploitation · percentile 34.8% · 2026-06-19T12:03:05Z
Published2026-05-26
Last modified2026-06-04

Underlying weaknesses· 1

CWE-259

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-146-01.json
  2. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01
  3. https://www.eppendorf.com/software-downloads

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Passwordcwe-2590%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-32992
CVE
CVE-2025-46352
CVE
CVE-2025-63225
CVE
CVE-2025-64310
CVE
CVE-2025-27255
CVE
CVE-2025-40743
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.