CVE-2026-7251

Published: Mag 26, 2026 Last Modified: Mag 26, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 9,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
CRITICAL 9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.

259

Use of Hard-coded Password

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Hide Activities Reduce Maintainability
Applicable Platforms
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/…
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-…
https://www.cisa.gov/news-events/ics-medical-advisories/ics…
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01
https://www.eppendorf.com/software-downloads
https://www.eppendorf.com/software-downloads