ICS-CERT Publishes Two Metasploit Updated Advisories

Late this afternoon ICS-CERT published two updated advisories that were issued earlier this year; one for multiple vulnerabilities in CoDeSys Gateway-Web Servers and the other for a single vulnerability in the WellinTech KingView product. Both updates were necessary because the organization initially reporting the vulnerability had recently released a Metasploit module for exploiting the identified vulnerabilities.

Both Exodus Intelligence and Ioactive have produced Metasploit modules for the vulnerabilities that they reported in coordinated disclosures. EI explains on their web page that it is their intention to provide their customers with exploit tools for vulnerabilities that they discover. Apparently Ioactive has the same policy. This is becoming a more common approach as security researchers explore a variety of business models to make their security research worthwhile.

In both of these cases the exploit modules were published well after the ICS-CERT advisories were published. Thus the vendors had time to produce and distribute patches or updates to fix the vulnerabilities before the exploit tools became publicly available. Of course, no one really knows how many of the system owners actually knew about the vulnerabilities or if they did know actually had a chance to update their systems.