CISA alerts to hardcoded password flaw in Eppendorf BioFlo 320

THE CISA issued an advisory (ICSMA-26-146-01) regarding vulnerabilities in the Eppendorf BioFlo 320 bioreactor, released on May 26, 2026. The advisory highlights a critical vulnerability (CVSS score 9.8), due to a hard-coded password in the VNC server, allowing remote attackers to gain full control of the device. Affected versions include all BioFlo 320 models. CISA recommends immediate software updates from Eppendorf to mitigate risks, highlighting practices to minimize network exposure and secure remote access. No public exploits targeting this vulnerability have been reported.