Description

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to disclose information such as generated power and electricity sold back to the grid stored in the product, tamper with or destroy stored or configured information in the product, or cause a Denial-of-Service (DoS) condition on the product, by using hardcoded user ID and password common to the product series obtained by exploiting CVE-2025-5022. The affected products discontinued in 2015, support ended in 2020.

INFO

Published Date :

2025-07-10T08:34:13.758Z

Last Modified :

2025-09-19T00:11:19.035Z

Source :

Mitsubishi
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5023 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5023.

URL Resource
https://jvn.jp/vu/JVNVU90283680/ cve-icon cve-icon
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-007_en.pdf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact