Wireless communication is being used as an enabling technology with traditional fixed traffic control systems in this transitional era toward Intelligent Transportation Systems (ITS). Unfortunately, major security concerns have arisen with respect to ever-increasing complexity and interconnectivity, and a noticeable lack of attention for security in these systems. Addressing concerns is a colossal challenge as it requires thorough development and formal analysis of a system model with respect to security. To tackle this challenge, we present a novel formal attack modeling and impact analysis methodology based on the Link Queue Model (LQM) of traffic flow inside a double ring road network, which is equivalent to a grid network with homogeneous links. We develop attack models as functions of tampered traffic control settings (e.g., green time ratios, cycle length, retaining ratios) with outputs equivalent to mobility impacts on the traffic network (e.g., time until system reaches state convergence, asymptotic average network flow). Further, for a given attack model, we define and identify vulnerable states: states that are critical to protect because they lead to negative impacts under the given attack model. Using our methodology we found that for certain vulnerable states, after only a few cycles of tampered control settings an attacker could cause a real impact of 1.5x speed-up in gridlock state convergence or 37%-99% drop in the asymptotic average flow rate. These results imply potentially drastic financial costs for cities and all involved drivers if similar attacks were performed on a real traffic control system.