Cyber physical systems (CPS) has been hailed as the next future of computing by integrating information technology into physical systems to increase their capabilities. Information network is an organic part of CPS, and vulnerability threat assessment of information network is one of the important bases of CPS risk assessment. In view of the limitation of general information network vulnerability threat assessment technology, this paper proposes an information network vulnerability threat assessment model based on dynamic attack and defence game. Firstly, a risk assessment model suitable for CPS is constructed based on the actual control scheduling of information system. At the same time, considering the constraint conditions of both sides, including the quantity of available resources, rational allocation of resources, cost-effectiveness and the number of attacked nodes, a more perfect information network vulnerability threat assessment model is established. Then, on this basis, the dynamic attack and defence game function and game solution steps are designed to realize the quantitative assessment of information network vulnerability threat of CPS risk assessment. Finally, a simulation test based on IEEE 34-node information network system is carried out to verify the effectiveness of the proposed method.