Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Eppendorf BioFlo 320 is vulnerable due to the VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have full access to all control panel features for the BioFlo 320. VNC traffic is not encrypted.
Analysis (AI)
A hard-coded VNC password in the Eppendorf BioFlo 320 bioprocess control system lets any remote attacker who can reach the device's VNC service take full control of its user interface: the password is the same on every unit, so the device's network address is the only per-target information an attacker needs. The flaw (CWE-259) is rated CVSS 9.3 and carries an SSVC technical impact of "total" with automatable exploitation, though no public exploit has been identified at time of analysis and EPSS is low at 0.10%.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires network reachability to the BioFlo 320's VNC service (typically TCP/5900) and that the device's remote access feature is enabled; the description explicitly states "remote access enabled" as a precondition, so units deployed without VNC remote access are not exposed. … |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N with high confidentiality, integrity, and availability impact reflects a worst-case profile for the device itself: network-reachable, no privileges, no user interaction, and full control of the HMI once connected. … |
| Exploit Scenario | An attacker who has reached the lab/OT network, for example through a phished engineering workstation or a misconfigured VPN, scans for TCP/5900 (VNC), identifies a BioFlo 320, and authenticates with the hard-coded password, which is the same on every unit and therefore needs to be learned only once. With full HMI control they could alter setpoints (temperature, pH, agitation, gas flow) on an active bioreactor run, halt processes, or silently capture sensitive bioprocess parameters; because VNC traffic is not encrypted, the same parameters are also visible to anyone able to observe the session on the network. No public exploit is identified at time of analysis, but the attack is trivially scriptable, consistent with the SSVC "Automatable: yes" determination. |
| Remediation | No vendor-released patched version is identified in the available data; the references point to Eppendorf's general software downloads page (https://www.eppendorf.com/software-downloads) and the CISA ICS-MA advisory (https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01), so operators should consult those for any firmware update or vendor-recommended mitigation specific to their unit. … |
Recommended Action (AI)
24 hours: Identify all Eppendorf BioFlo 320 systems in your environment; restrict network access to essential connections only; disable remote VNC access where operationally feasible. …
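The exploitation precondition in the assessment table (an RFB/VNC service reachable on TCP/5900 with remote access enabled) and the 24-hour inventory step above both come down to the same question: which hosts answer the RFB handshake, and what authentication do they offer? The Python probe below is an added example, not code from vuln.today, Eppendorf or CISA. It runs the RFB version and security-type exchange (RFC 6143) and then disconnects before selecting a security type, so it never sends a password and makes no login attempt. The scripted server byte streams are constructed for offline use; the port constant is the usual RFB default assumed by the assessment; and because this page does not document the BioFlo 320's actual RFB banner, the probe reports VNC exposure and offered security types only, not the device model.

```python
"""RFB (VNC) exposure probe for an inventory sweep. Added example, not vendor code.

Stops after the security-type list, so no credential is ever transmitted.
"""
import io
import socket
import struct

VNC_PORT = 5900  # assumption: default RFB port, as the assessment notes ("typically TCP/5900")
# Security-type numbers from RFC 6143 section 7.1.2 plus two common IANA-registered ones
SECURITY_TYPE_NAMES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}


def _refusal(version, read_exact):
    """Server offered no security type: a 4-byte length and reason string follow."""
    (reason_len,) = struct.unpack(">I", read_exact(4))
    reason = read_exact(reason_len).decode("latin-1", "replace")
    return {"version": version, "security_types": [], "names": [], "reason": reason,
            "offers_vnc_auth": False, "offers_none": False}


def rfb_handshake(read_exact, write):
    """Run the RFB version and security-type exchange over abstract I/O callbacks.

    read_exact(n) returns exactly n bytes or raises; write(b) sends bytes to the server.
    Returns None if the peer is not an RFB server, else a dict describing its offer.
    """
    banner = read_exact(12)                       # e.g. b"RFB 003.008\n"
    if not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
        return None
    version = banner[4:11].decode("ascii")        # "003.008"
    write(banner)                                 # accept the server's version as-is
    if version == "003.003":
        # RFB 3.3: the server dictates one security type as a 4-byte big-endian word
        (sec,) = struct.unpack(">I", read_exact(4))
        if sec == 0:
            return _refusal(version, read_exact)
        types = [sec]
    else:
        # RFB 3.7/3.8: [count][type...]; count 0 means the server refused the connection
        count = read_exact(1)[0]
        if count == 0:
            return _refusal(version, read_exact)
        types = list(read_exact(count))
    # Disconnect here: no security type is chosen, so no password is ever sent.
    return {"version": version, "security_types": types,
            "names": [SECURITY_TYPE_NAMES.get(t, f"type {t}") for t in types],
            "offers_vnc_auth": 2 in types, "offers_none": 1 in types}


def probe_rfb(host, port=VNC_PORT, timeout=3.0):
    """Run the handshake against a live host; callers catch OSError for unreachable hosts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        def read_exact(n):
            buf = b""
            while len(buf) < n:
                chunk = sock.recv(n - len(buf))
                if not chunk:
                    raise EOFError("peer closed during RFB handshake")
                buf += chunk
            return buf
        return rfb_handshake(read_exact, sock.sendall)


def scripted_handshake(server_bytes):
    """Replay a constructed server byte stream offline; returns (result, bytes the client sent)."""
    stream, sent = io.BytesIO(server_bytes), bytearray()

    def read_exact(n):
        data = stream.read(n)
        if len(data) != n:
            raise EOFError("constructed stream ended early")
        return data
    return rfb_handshake(read_exact, sent.extend), bytes(sent)


def assess(result):
    """Inventory finding for a device whose VNC password is known to be hard-coded."""
    if result is None:
        return "not an RFB service"
    if not result["security_types"]:
        return "RFB reachable but server refused: " + result["reason"]
    if result["offers_none"]:
        return "EXPOSED: RFB reachable with no authentication"
    if result["offers_vnc_auth"]:
        return "EXPOSED: RFB reachable with VNC Authentication; a hard-coded password makes this equivalent to none"
    return "RFB reachable; security types offered: " + ", ".join(result["names"])


# Constructed server streams (not captured from any real device)
SAMPLE_RFB38_VNCAUTH = b"RFB 003.008\n" + bytes([1, 2])         # one type offered: VNC Authentication
SAMPLE_RFB33_NONE = b"RFB 003.003\n" + struct.pack(">I", 1)     # legacy server, no authentication
SAMPLE_NOT_RFB = b"SSH-2.0-OpenSSH_9.6\r\n"                     # something else on the port

if __name__ == "__main__":
    for label, stream in [("rfb38", SAMPLE_RFB38_VNCAUTH), ("rfb33", SAMPLE_RFB33_NONE), ("ssh", SAMPLE_NOT_RFB)]:
        result, sent = scripted_handshake(stream)
        print(label, result, "| client sent:", sent, "->", assess(result))
```

For a live sweep, call probe_rfb for each candidate address and treat OSError (refused, timed out) as "no VNC"; anything returning a result belongs on the restriction list in the 24-hour step, whether or not it can be confirmed as a BioFlo 320.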
Same weakness: CWE-259 – Use of Hard-coded Password
Same technique: Authentication Bypass
Related identifiers: EUVD-2026-31912, GHSA-v6xg-wr2p-xrj3