Wacom Co.,Ltd. — 8 prefixes (MA-L); Japanese graphics-tablet maker, peripheral/input devices

Wacom Co.,Ltd. holds eight IEEE MA-L blocks, all registered under the single string "Wacom Co.,Ltd." (the oldest, 00:13:C2, carries the legacy spelling "WACOM Co.,Ltd"). Seven of the eight blocks list the current registry address at Sumitomo Fudosan Shinjuku Grand Tower 31F, Nishi-shinjuku, Tokyo; the older 00:13:C2 block traces to an earlier Saitama-prefecture address (Otone-machi, Kitasaitama-gun), consistent with Wacom's roots in Saitama, where the company was founded in 1983. Wacom makes graphics input peripherals — pen tablets (Intuos, Bamboo), pen displays (Cintiq, Wacom One, Movink), digital styluses, and enterprise signature pads (the STU series). On a network these OUIs surface almost exclusively as Bluetooth-paired creative tablets or USB-connected signature pads, not as standalone Ethernet or Wi-Fi hosts; a Wacom prefix on a wired or Wi-Fi scan would be unusual and worth a second look. From a triage standpoint the network risk is low: no remotely exploitable CVEs are known, and all documented vulnerabilities require local access. The notable security history is software-side, not network-side — the 2020 disclosure that Wacom's macOS tablet driver transmitted the names and timestamps of every application a user opened to Google Analytics under an opt-in-by-default "Wacom Experience Program," plus a pair of 2024 Windows local-privilege-escalation CVEs in the Wacom Center service. Treat the OUI as identifying a peripheral, and remember that the real attack surface is the host-side driver, not the tablet itself.

IEEE assignment

8 prefixes → "Wacom Co.,Ltd." (00:13:C2 registered as legacy "WACOM Co.,Ltd") [Confirmed] — IEEE MA-L (enrichment/registries/oui.csv lines 879, 1916, 17361, 22556, 23711, 24087, 24988, 28773)

Registry / block size

MA-L (24-bit OUI); 8 IEEE prefixes (~134.2M addresses). No MA-M or MA-S entries exist for Wacom. [Confirmed] — IEEE oui.csv; corroborated by maclookup.app. NOTE: IEEE's public OUI data publishes NO assignment/registration date (oui.csv columns are only Registry, Assignment, Organization Name, Organization Address); any "date registered" on third-party tools (e.g. maclookup.app) is a database artifact, not an IEEE fact.

HQ / country

Sumitomo Fudosan Shinjuku Grand Tower 31F, 8-17-1 Nishi-shinjuku, Shinjuku-ku, Tokyo 160-6131, JP (registry address on 7 of 8 blocks); the older 00:13:C2 lists 2-510-1 Toyonodai, Otone-machi, Kitasaitama-gun, Saitama 349-1148, JP [Confirmed] — IEEE MA-L

Company status

active; Japanese graphics-input-peripheral maker, founded 1983 in Saitama [Confirmed] — en.wikipedia.org/wiki/Wacom, wacom.com

Device types

pen tablets (Intuos, Bamboo), pen displays (Cintiq, Wacom One, Movink), digital styluses, enterprise signature pads (STU series); wireless models pair via Bluetooth (BLE/Classic) [Confirmed] — wacom.com/en-us/products, support.wacom.com

Notable products

Intuos, Cintiq, Wacom One, Bamboo, STU signature pads

Verified prefix sample (all MA-L, Wacom Co.,Ltd.)

BC:06:2D, 68:A8:E1, 88:4A:70, E8:A8:48, 28:8E:B9, 4C:96:8A, 44:68:0C, 00:13:C2 [Confirmed] — IEEE oui.csv

Security context — driver telemetry (2020)

Wacom's macOS tablet driver silently sent the name and timestamp of every application opened to Google Analytics under the "Wacom Experience Program," enabled by default and re-enableable after driver updates. Vendor stated the data was anonymized for quality/development. No network exploit; the concern was data exfiltration via a privileged driver. [Confirmed] — theregister.com (2020/02/05), threatpost.com, securityboulevard.com

Security context — driver CVEs (2024)

CVE-2024-9766 and CVE-2024-12552 (both CVSS 7.8, High) affect Wacom Center / WTabletServicePro.exe on Windows — local low-priv attackers abuse symbolic-link handling to create arbitrary files and escalate to SYSTEM. CVE-2024-56629 is a Linux-kernel HID Wacom driver null-pointer dereference (local crash). All known CVEs require local access; none are remotely exploitable. [Confirmed] — github.com/advisories (GHSA-mx45-7gmp-84h6, GHSA-hwmr-m7qh-wxr9), cvedetails.com vendor_id-22643, cvefeed.io/vuln/detail/CVE-2024-56629

Network risk level

Low (peripheral/input device). Wacom OUIs appear as Bluetooth-paired tablets or USB-connected signature pads, not native network hosts. A Wacom MAC on an Ethernet/Wi-Fi scan is unusual — note it (possible USB-to-Ethernet adapter or MAC spoof), but it is not inherently threatening. [Likely] — theregister.com, cvedetails.com (inference from device class; no first-party Wacom network-posture statement)

Special note

The mam.csv (MA-M) hits for "HwaCom Systems Inc." are a different company and unrelated to Wacom Co.,Ltd. No oui36.csv (MA-S) match exists for Wacom. [Confirmed] — IEEE registry inspection

Related vendors

none material (single canonical registrant string; no subsidiaries holding separate registrations identified)

Analyst note

A Wacom OUI identifies a creative-input peripheral or signature pad, almost always reached over Bluetooth or USB rather than the LAN. The meaningful attack surface is the host-side driver (2024 Windows LPE CVEs; 2020 telemetry), not the tablet hardware — none of which is remotely exploitable.