CWE-1299
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1299page 1 of 1
- CVE-2021-3788MEDIUMCVSS 6.8EG 6.82021-11-12
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.
- CVE-2022-43557MEDIUMCVSS 5.3EG 5.32022-12-05
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump.…
- CVE-2023-29060MEDIUMCVSS 5.4EG 5.42023-11-28
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfilt…
- CVE-2023-29063LOWCVSS 2.4EG 2.42023-11-28
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a…
- CVE-2024-39723MEDIUMCVSS 4.6EG 4.62024-07-08
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.
- CVE-2024-47944MEDIUMCVSS 6.8EG 9.82024-10-15
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.
- CVE-2025-1073HIGHCVSS 7.5EG 7.52025-04-10
Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.
- CVE-2025-26409MEDIUMCVSS 6.8EG 6.82025-02-11
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to …
- CVE-2025-35998HIGHCVSS 7.9EG 7.92026-02-10
Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user …
- CVE-2025-41697MEDIUMCVSS 6.8EG 6.82025-12-09
An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.
Map vulnerabilities like CWE-1299 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1299 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →