Use of Hard-coded Credentials in Mitsubishi Electric EcoGuideTAB PV System

CVE-2025-5023

What is CVE-2025-5023?

The Mitsubishi Electric EcoGuideTAB photovoltaic system monitor is vulnerable due to the use of hard-coded credentials. Attackers within Wi-Fi range can exploit this vulnerability to gain unauthorized access to sensitive data, including generated power and energy sold to the grid. Additionally, malicious actors could tamper with or erase critical configuration data and potentially trigger a Denial-of-Service condition. The risk is notably present in all versions of both PV-DR004J and PV-DR004JA models. It's important to note that this vulnerability only affects active devices, as those that enter power-saving mode after being unused for up to 5 minutes are safeguarded against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References