Recent incidents such as the Stuxnet worm have shown that cyber attacks can cause serious physical damage of Cyber-Physical System (CPS). Aiming at this problem, a risk assessment method based on attack graph was proposed. Firstly, the attack behavior of CPS was analyzed and the result showed that the vulnerabilities in physical devices such as Programmable Logic Controller (PLC) were the keys of cross-domain attack. Then the utilization modes and impact of vulnerabilities were described. Secondly, the risk assessment model was proposed as well as the successful-attack-probability index and the attack-impact index. Furthermore, the successful-attack-probability index was calculated considering the intrinsic characteristics of vulnerabilities and the ability of attacker. The attack-impact index was calculated considering the host importance and the utilization mode of vulnerabilities. The method was developed to assess the cyber layer and physical layer as a whole system and the impact of multiple cross-domain attacks on system risk was considered. The numerical examples show that the risk of combined attack is five times the risk of a single attack and the risk value obtained is more accurate.