Eppendorf BioFlo 320 Bioreactor Exposed to Hard-coded Password Flaw

Eppendorf BioFlo 320 bioreactors, used in healthcare and research facilities worldwide, face a critical vulnerability through hard-coded VNC (Virtual Network Computing) credentials. Attackers with network access can exploit this flaw to gain complete control of the device's user interface and functionality. The vulnerability affects all BioFlo 320 models, with a CVSS severity score of 9.8. Eppendorf has released software updates removing VNC access permanently. Users are advised to verify VNC is disabled, restrict VNC settings to Admin and Supervisor roles, and install Version 5.0 software immediately. The company notes VNC shipped disabled by default but recommends security hardening measures. Source: Eppendorf Security Advisory.