Cyber-Physical System Security. The problem of designing a false-data injection attack on a model predictive controlled system is considered with 1) limited knowledge of the plant, constraints, and controller characteristics; and 2) the ability to remain undetected by common set-membership-based anomaly detectors. More precisely, it is shown that it is possible for an attacker to estimate the a priori unknown disturbance set and then use this knowledge to masquerade as a disturbance and drive the plant to a desired (by the attacker) target. The attack was formulated as a robust optimization problem and was solved using LMI relaxation and illustrated on the linearized longitudinal dynamics of a benchmark aircraft model.