Many recent incidents and attacks on cyber physical systems across various industries demonstrate that the risks emerge from combination of vulnerabilities in different elements as opposed to IT networks and systems where a single vulnerability in an element can compromise the entire system. In the past decade, efforts have been increasingly invested in CPS security research worldwide, sharpening or adapting guidelines, recommendations, standards and tools. However, a gap remains in understanding the vulnerability level as well as the capacities of recovery in case of composite vulnerabilities in such systems. This paper presents a brief literature review followed by a road map for composite vulnerability research in CPS.