Late this afternoon ICS-CERT published two updated advisories that were issued earlier this year; one for multiple vulnerabilities in CoDeSys Gateway-Web Servers and the other for a single vulnerability in the WellinTech KingView product. Both updates were necessary because the organization initially reporting the vulnerability had recently released a Metasploit module for exploiting the identified vulnerabilities.
Both Exodus Intelligence and Ioactive have produced Metasploit modules for the vulnerabilities that they reported in coordinated disclosures. EI explains on their web page that it is their intention to provide their customers with exploit tools for vulnerabilities that they discover. Apparently Ioactive has the same policy. This is becoming a more common approach as security researchers explore a variety of business models to make their security research worthwhile.