Risk assessment is an inevitable step in the implementation of cost-effective security strategies for control systems. One of the difficulties of risk assessment is to estimate the impact cyber-attacks may have. This paper proposes a framework to estimate the impact of several cyber-attack strategies against a dynamical control system equipped with an anomaly detector. In particular, we consider denial of service, sign alternation, rerouting, replay, false data injection, and bias injection attack strategies. The anomaly detectors we consider are stateless, cumulative sum, and multivariate exponentially weighted moving average detectors. As a measure of the attack impact, we adopt the infinity norm of critical states after a fixed number of time steps. For this measure and the aforementioned anomaly detectors, we prove that the attack impact for all of the attack strategies can be reduced to the problem of solving a set of convex minimization problems. Therefore, the exact value of the attack impact can be obtained easily. We demonstrate how our modeling framework can be used for risk assessment on a numerical example.