Connected vehicles (CV) applications are an emerging new technology that promises to revolutionize transportation systems. CV applications can improve safety, efficiency, and capacity of transportation systems while reducing their environmental footprints. A large number of CV applications have been proposed towards these goals, with the US Department of Transportation (US DOT) recently initiating three deployment sites. Unfortunately, the security of these protocols has not been considered carefully, and due to the fact that they affect the control of vehicles, vulnerabilities can lead to breakdowns in safety (causing accidents), performance (causing congestion and reducing capacity), or fairness (vehicles cheating the intersection management system). In this paper, we perform a detailed analysis of a recently published CV-based application protocol, Cooperative Adaptive Cruise Control (CACC), and use this analysis to classify the types of vulnerabilities that occur in the context of connected Cyber-physical systems such as CV. We show using simulations that these attacks can be extremely dangerous: we illustrate attacks that cause crashes or stall emergency vehicles. We also carry out a more systematic analysis of the impact of the attacks showing that even an individual attacker can have substantial effects on traffic flow and safety even in the presence of message security standard developed by US DOT. We believe that these attacks can be carried over to other CV applications if they are not carefully designed. The paper also explores a defense framework to mitigate these classes of vulnerabilities in CV applications.