Eppendorf BioFlo 320
Summary
The Eppendorf BioFlo 320 bioreactor is affected by a critical vulnerability (CVE-2026-7251) due to the use of a hard-coded password for its VNC server. Successful exploitation allows an attacker to gain full control of the bioreactor's functionality and data, posing a significant risk to the healthcare and public health sectors.
IFF Assessment
This vulnerability allows for unauthorized access and control of critical medical equipment, directly impacting patient safety and healthcare operations.
Severity
The CVSS score of 9.8 reflects the critical nature of this vulnerability: a network attack vector (network-accessible VNC), low attack complexity, and significant impact on the confidentiality, integrity, and availability of the affected system.
Defender Context
This alert highlights the severe risks associated with hard-coded credentials in operational technology (OT) systems, particularly in critical infrastructure like healthcare. Defenders should prioritize auditing and securing OT environments, ensuring default or hard-coded credentials are changed, and implementing network segmentation to limit the attack surface.
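One way to check whether segmentation actually limits VNC exposure, shown as an added example that is not part of the original alert or any vendor tooling: it audits flow records for accepted VNC connections to the bioreactor segment from unapproved sources. The subnet, jump-host address, CSV layout and port range (the conventional VNC ports 5900-5909) are assumptions, and the flow records are constructed sample data.

```python
import csv
import io
import ipaddress

# Assumptions (constructed for illustration, not taken from the advisory):
OT_SEGMENT = ipaddress.ip_network("10.20.30.0/24")       # bioreactor VLAN
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.40.10")}  # engineering jump host
VNC_PORTS = range(5900, 5910)  # conventional VNC display ports 5900-5909

# Constructed sample flow records (firewall or NetFlow export reduced to CSV).
SAMPLE_FLOWS = """\
src,dst,dport,action
10.20.40.10,10.20.30.15,5900,ACCEPT
10.50.7.22,10.20.30.15,5900,ACCEPT
10.50.7.22,10.20.30.15,5900,DROP
10.20.30.16,10.20.30.15,5901,ACCEPT
10.50.7.22,10.20.30.15,443,ACCEPT
203.0.113.9,10.20.30.15,5900,ACCEPT
10.50.7.22,10.99.1.1,5900,ACCEPT
"""

def audit_vnc_flows(flow_csv):
    """Return accepted VNC flows into the OT segment from unapproved sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        port = int(row["dport"])
        if dst not in OT_SEGMENT or port not in VNC_PORTS:
            continue  # not VNC traffic to a device in the audited segment
        if row["action"] != "ACCEPT":
            continue  # blocked attempt: the segmentation rule held
        if src in ALLOWED_SOURCES:
            continue  # approved management path
        # With a hard-coded password, any host that can reach the port can
        # log in, so unapproved peers inside the segment are reported too.
        reason = ("lateral (same segment)" if src in OT_SEGMENT
                  else "crosses segment boundary")
        findings.append((str(src), str(dst), port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_vnc_flows(SAMPLE_FLOWS):
        print("VNC reachable from unapproved source:", *finding)
```

Each finding is a path that a firewall rule or VLAN ACL should close, since the credential itself cannot be relied on to keep unapproved hosts out.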