The introduction of IoT technology in different domains and systems has led to a spectacular increase in the number of connected objects. However, this increase in resourceconstrained devices was accompanied by numerous vulnerabilities, allowing attackers to penetrate deeply into IoT networks. As identifying these vulnerabilities is a difficult task, our work aims to propose a general threat and vulnerability assessment method, taking into consideration the IoT constraints to identify and assess the vulnerabilities and possible attacks on IoT networks. This method uses several existing databases but focuses on entries relevant to IoT components. We validate our approach using an IoT smart healthcare system as a case study. The suggested approach has produced an applicable methodology to provide a tool for users, vendors, and researchers to be aware of vulnerabilities and possible attacks on an IoT system.