If the physical processes controlled by the cyber physical system (CPS) are under malicious attacks, the consequences may endanger human life or pollute environment. Thus, vulnerability analysis at the design stage is crucial. In order to sabotage physical processes, the attacker needs not only IT (Informational Technology) part knowledge, but also the OT (Operational Technology) part knowledge. Most current cybersecurity research emphasizes IT part attacks. Nevertheless, this work focuses on vulnerability analysis of the OT part. We develop a systematical method to generate malicious attack scenarios along with corresponding run-time detection mechanism using assertions. We demonstrate the feasibility and effectiveness of the proposed method by a case study. We also present insights obtained from our experiments.