Transportation networks play a vital role in society's well-being. In the past, transportation networks were considered fragile only against threats in physical space (e.g., natural hazards); this is no longer the case. Previous events (e.g., the denial-of-service attack against the Swedish Transport Administration) have highlighted the susceptibility of the transportation domain to cyber-attacks. The integration of Internet of Things (IoT) based wireless sensor networks in the sensing layer of critical transportation infrastructure increases the vulnerability of transportation networks to cyber-physical attacks. Current vulnerability assessment studies that treat transportation networks as a graph (i.e., nodes and edges) overlook these security issues. In this paper, a new vulnerability assessment approach for transportation networks subjected to cyber-physical attacks is proposed. The novelty of the approach lies in its consideration of vulnerability states in both physical and cyber space, using a Bayesian network attack graph. A new probability indicator that considers different attacker characteristics (e.g., skills) and control barriers (e.g., cameras) is proposed to drive the assignment of probability scores to vulnerability states. Following the probability-based ranking table, we measure the vulnerability of the transportation network as the drop in network efficiency after the removal of the highest probability-ranked nodes. A transportation network case study is used to demonstrate the application of the approach. Monte Carlo simulations are performed to evaluate the results, which indicate that transportation networks are probabilistically more susceptible to cyber-physical attacks when IoT-enabled transportation infrastructure relies on deficient control barriers.
The approach is of interest to stakeholders (i.e., operators, civil and security engineers) who attempt to incorporate the cyber domain in vulnerability assessment procedures of their system.
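The ranking-and-removal step described above can be illustrated with a short added example; it is not code from the paper. It assumes that network efficiency is the mean inverse shortest-path length over all node pairs of the original network (the abstract does not give the formula), and the road graph, node names and probability scores are constructed for illustration.

```python
from collections import deque

# Constructed toy road network (undirected, unweighted); not from the paper.
ROADS = {
    "A": {"B"},
    "B": {"A", "C", "D"},
    "C": {"B", "D"},
    "D": {"B", "C", "E"},
    "E": {"D"},
}

# Constructed per-node probability scores standing in for the output of the
# attack-graph analysis (higher = more likely to be compromised).
SCORES = {"A": 0.10, "B": 0.72, "C": 0.25, "D": 0.40, "E": 0.05}


def hops_from(graph, removed, src):
    """Breadth-first hop counts from src, never entering removed nodes."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in removed and v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def efficiency(graph, removed=frozenset()):
    """Mean of 1/d over ordered node pairs of the ORIGINAL network.

    Assumption: pairs that are disconnected or involve a removed node
    contribute 0, so losing a node always lowers the score.
    """
    total = 0.0
    for src in graph:
        if src in removed:
            continue
        dist = hops_from(graph, removed, src)
        total += sum(1.0 / h for node, h in dist.items() if node != src)
    n = len(graph)
    return total / (n * (n - 1))


def efficiency_drop(graph, scores, k=1):
    """Remove the k highest-scored nodes; return them and the relative drop."""
    targets = sorted(scores, key=scores.get, reverse=True)[:k]
    before = efficiency(graph)
    after = efficiency(graph, frozenset(targets))
    return targets, (before - after) / before
```

On this toy network, losing the top-ranked junction alone removes roughly two thirds of the network's efficiency, which is the kind of figure an operator would compare across candidate control-barrier improvements.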